CVE-2017-3216

EPSS 5.2%CWE-306

WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request.

Produtos afetados

Green Packet · OX350 Huawei Technologies · BM2022 Huawei Technologies · HES-309M Huawei Technologies · HES-319M Huawei Technologies · HES-319M2W Huawei Technologies · HES-339M MADA · Soho Wireless Router ZTE · OX-330P ZyXEL · MAX218M ZyXEL · MAX218M1W ZyXEL · MAX218MW ZyXEL · MAX308M ZyXEL · MAX318M ZyXEL · MAX338M

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html https://sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170607-0_Various_WiMAX_CPEs_Authentication_Bypass_v10.txt http://www.kb.cert.org/vuls/id/350135